This is an addendum to the earlier posted Hping tutorial on packet crafting. It will hopefully show you some more uses of this rather excellent tool. Once again I have only shown some basic probes of an IDS ruleset; you can get as complex as you wish. Hping also serves as an excellent platform for testing your custom signatures. Anyhow, enough jabbering from me! Read on, and hopefully you will not fall asleep.

The purpose of the following tcpdump traces, Snort output, and Hping command line syntax is to demonstrate the value of Hping. Its crafted packets will allow you to test and confirm your IDS ruleset. Only the TCP protocol was used in testing for the following examples, though one can get as creative as one wishes with the other protocols and TCP fields that Hping supports. For the Snort output below, Snort 2.0 build 72 was used along with the default ruleset.

To make the packets below easier to read and understand, I will first give a brief explanation of the fields found within the packet header itself.

I will now show what happens when an XMAS packet is sent. Once again the format noted above will be used. If you become confused by the meaning of some of the packet metrics used, please see the earlier explanation of the header metrics.
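An XMAS packet is a TCP segment with the FIN, PSH and URG flags set. As an added example (not code or captures from the original tutorial), the following Python decodes the fixed TCP header fields and applies an exact-match check for that flag combination; the function names and the sample headers are constructed for illustration.

```python
import struct

# TCP flag bits as they sit in byte 13 of the TCP header.
FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}
XMAS = FLAGS["FIN"] | FLAGS["PSH"] | FLAGS["URG"]


def parse_tcp_header(raw: bytes) -> dict:
    """Decode the fixed 20-byte TCP header into named fields."""
    if len(raw) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off, flags, win, _csum, urg = struct.unpack(
        "!HHIIBBHHH", raw[:20]
    )
    return {
        "sport": sport,
        "dport": dport,
        "seq": seq,
        "ack": ack,
        "header_len": (off >> 4) * 4,  # data offset is in 32-bit words
        "flag_bits": flags & 0x3F,     # ignore the two high (ECN/reserved) bits
        "flags": [name for name, bit in FLAGS.items() if flags & bit],
        "win": win,
        "urg_ptr": urg,
    }


def is_xmas(hdr: dict) -> bool:
    """Exact match on FIN+PSH+URG with SYN, RST and ACK clear."""
    return hdr["flag_bits"] == XMAS


def build_header(sport: int, dport: int, seq: int, flag_bits: int) -> bytes:
    """Hypothetical helper: pack a constructed header (checksum left at 0)."""
    return struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, flag_bits, 512, 0, 0)


# Constructed sample headers, not captures from the original tests.
SAMPLE_XMAS = build_header(2048, 80, 0x1A2B3C4D, XMAS)
SAMPLE_SYN = build_header(2049, 80, 0x1A2B3C4E, FLAGS["SYN"])

if __name__ == "__main__":
    for raw in (SAMPLE_XMAS, SAMPLE_SYN):
        hdr = parse_tcp_header(raw)
        print(hdr["sport"], ">", hdr["dport"], hdr["flags"], "xmas" if is_xmas(hdr) else "ok")
```
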

As seen in the examples above, Hping is very much capable of testing an IDS ruleset through the use of crafted packets. This is of value for the simple fact that it confirms unequivocally that your IDS rulesets are triggering on expected stimuli such as the ones shown above. Hopefully some of you will find this somewhat useful.